ANZ brand under attack again as scammers deploy phishing tactics

A new phishing scam wave impersonating the ANZ brand has once again hit Australian inboxes, targeting customers across the country.

The flurry of dodgy emails, which hit on 28 August, advises recipients that their “last payment was unsuccessful”, before prompting users to click on a link and update phone number contacts.

Furthermore, the link takes recipients to a very similar looking ANZ internet banking page asking users to log in with the intent to access customer’s registration numbers and passwords.

Scammers go even further, by asking recipients who go past the login page to disclose the answers to “three security questions”.

Email filtering company, MailGuard, said the scam hit a large number of inboxes in a short space of time, with the company starting blocking it at 8:16AM on 28 August.

The emails have ANZ Internet Banking for the display name and were sent from the following address customer.data @anz. com (altered).

Screenshot (MailGuard)

MailGuard has reminded potential victims that poor grammar is usually a giveaway on email scams such as this one. Additionally, this particular attack does not address the customer by name, and uses a random account number.

“One of the surest ways to detect a fake is to hover over the email sender name, or in this case also check the landing page URL, to see if it looks legitimate," MailGuard wrote in a blog post.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.